| Index: nss/mozilla/security/nss/lib/libpkix/include/pkix_revchecker.h
|
| ===================================================================
|
| --- nss/mozilla/security/nss/lib/libpkix/include/pkix_revchecker.h (revision 0)
|
| +++ nss/mozilla/security/nss/lib/libpkix/include/pkix_revchecker.h (revision 0)
|
| @@ -0,0 +1,250 @@
|
| +/* ***** BEGIN LICENSE BLOCK *****
|
| + * Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
| + *
|
| + * The contents of this file are subject to the Mozilla Public License Version
|
| + * 1.1 (the "License"); you may not use this file except in compliance with
|
| + * the License. You may obtain a copy of the License at
|
| + * http://www.mozilla.org/MPL/
|
| + *
|
| + * Software distributed under the License is distributed on an "AS IS" basis,
|
| + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
| + * for the specific language governing rights and limitations under the
|
| + * License.
|
| + *
|
| + * The Original Code is the PKIX-C library.
|
| + *
|
| + * The Initial Developer of the Original Code is
|
| + * Sun Microsystems, Inc.
|
| + * Portions created by the Initial Developer are
|
| + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
|
| + *
|
| + * Contributor(s):
|
| + * Sun Microsystems, Inc.
|
| + *
|
| + * Alternatively, the contents of this file may be used under the terms of
|
| + * either the GNU General Public License Version 2 or later (the "GPL"), or
|
| + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
| + * in which case the provisions of the GPL or the LGPL are applicable instead
|
| + * of those above. If you wish to allow use of your version of this file only
|
| + * under the terms of either the GPL or the LGPL, and not to allow others to
|
| + * use your version of this file under the terms of the MPL, indicate your
|
| + * decision by deleting the provisions above and replace them with the notice
|
| + * and other provisions required by the GPL or the LGPL. If you do not delete
|
| + * the provisions above, a recipient may use your version of this file under
|
| + * the terms of any one of the MPL, the GPL or the LGPL.
|
| + *
|
| + * ***** END LICENSE BLOCK ***** */
|
| +/*
|
| + * This file defines functions associated with the PKIX_RevocationChecker
|
| + * type.
|
| + *
|
| + */
|
| +
|
| +#ifndef _PKIX_REVCHECKER_H
|
| +#define _PKIX_REVCHECKER_H
|
| +
|
| +#include "pkixt.h"
|
| +#include "pkix_pl_pki.h"
|
| +
|
| +#ifdef __cplusplus
|
| +extern "C" {
|
| +#endif
|
| +
|
| +/* General
|
| + *
|
| + * Please refer to the libpkix Programmer's Guide for detailed information
|
| + * about how to use the libpkix library. Certain key warnings and notices from
|
| + * that document are repeated here for emphasis.
|
| + *
|
| + * All identifiers in this file (and all public identifiers defined in
|
| + * libpkix) begin with "PKIX_". Private identifiers only intended for use
|
| + * within the library begin with "pkix_".
|
| + *
|
| + * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
|
| + *
|
| + * Unless otherwise noted, for all accessor (gettor) functions that return a
|
| + * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
|
| + * shared object. Therefore, the caller should treat this shared object as
|
| + * read-only and should not modify this shared object. When done using the
|
| + * shared object, the caller should release the reference to the object by
|
| + * using the PKIX_PL_Object_DecRef function.
|
| + *
|
| + * While a function is executing, if its arguments (or anything referred to by
|
| + * its arguments) are modified, free'd, or destroyed, the function's behavior
|
| + * is undefined.
|
| + *
|
| + */
|
| +
|
| +/* PKIX_RevocationChecker
|
| + *
|
| + * PKIX_RevocationChecker provides a standard way of revocation checking.
|
| + * Caller should configure two set of tests(represented at lists of
|
| + * RevocationMethod objects) to be performed on the leaf and on the rest of
|
| + * the chain certificates.
|
| + *
|
| + * PKIX_RevocationMethods provide a standard way for the caller to insert
|
| + * their own custom revocation checks to verify the revocation status of
|
| + * certificates. This may be useful in many scenarios, including when the
|
| + * caller wishes to use their own revocation checking mechanism instead of (or
|
| + * in addition to) the default revocation checking mechanism provided by
|
| + * libpkix, which uses CRLs and OCSP.
|
| + *
|
| + * Once the caller has created the RevocationMethod object(s), the caller
|
| + * then specifies the RevocationMethod object(s) in a RevocationCheck object
|
| + * and sets it into a ProcessingParams.
|
| + */
|
| +
|
| +/*
|
| + * FUNCTION: PKIX_RevocationChecker_Create
|
| + * DESCRIPTION:
|
| + *
|
| + * Creates revocation checker object with a given flags.
|
| + *
|
| + * PARAMETERS:
|
| + * "revDate"
|
| + * Revocation will be checked at this date. Current date is taken if the
|
| + * parameter is not specified.
|
| + * "leafMethodListFlags"
|
| + * Defines a set of method independent flags that will be used to check
|
| + * revocation of the leaf cert in the chain.
|
| + * "chainMethodListFlags"
|
| + * Defines a set of method independent flags that will be used to check
|
| + * revocation of the remaining certs in the chain.
|
| + * "pChecker"
|
| + * The return address of created checker.
|
| + * "plContext"
|
| + * Platform-specific context pointer.
|
| + * THREAD SAFETY:
|
| + * Thread Safe
|
| + *
|
| + * Multiple threads must be able to safely call this function without
|
| + * worrying about conflicts, even if they're operating on the same objects.
|
| + * RETURNS:
|
| + * Returns NULL if the function succeeds.
|
| + * Returns a RevocationChecker Error if the function fails in a non-fatal way.
|
| + * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| + */
|
| +PKIX_Error *
|
| +PKIX_RevocationChecker_Create(
|
| + PKIX_UInt32 leafMethodListFlags,
|
| + PKIX_UInt32 chainMethodListFlags,
|
| + PKIX_RevocationChecker **pChecker,
|
| + void *plContext);
|
| +
|
| +/*
|
| + * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
|
| + * DESCRIPTION:
|
| + *
|
| + * Creates revocation method object with given parameters and adds it
|
| + * to revocation checker method list.
|
| + *
|
| + * PARAMETERS:
|
| + * "revChecker"
|
| + * Address of revocation checker structure.
|
| + * "procParams"
|
| + * Address of ProcessingParams used to initialize the checker.
|
| + * Must be non-NULL.
|
| + * "methodType"
|
| + * Type of the method. Currently only two types are
|
| + * supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
|
| + * "methodFlags"
|
| + * Set of flags for the method.
|
| + * "methodPriority"
|
| + * Method priority. (0 corresponds to a highest priority)
|
| + * "verificationFn"
|
| + * User call back function that will perform validation of fetched
|
| + * revocation information(new crl or ocsp response)
|
| + * "isLeafMethod"
|
| + * Boolean flag that if set to true indicates that the method should
|
| + * should be used for leaf cert revocation test(false for chain set
|
| + * methods).
|
| + * "plContext"
|
| + * Platform-specific context pointer.
|
| + * THREAD SAFETY:
|
| + * Thread Safe
|
| + *
|
| + * Multiple threads must be able to safely call this function without
|
| + * worrying about conflicts, even if they're operating on the same objects.
|
| + * RETURNS:
|
| + * Returns NULL if the function succeeds.
|
| + * Returns a RevocationChecker Error if the function fails in a non-fatal way.
|
| + * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| + */
|
| +PKIX_Error *
|
| +PKIX_RevocationChecker_CreateAndAddMethod(
|
| + PKIX_RevocationChecker *revChecker,
|
| + PKIX_ProcessingParams *params,
|
| + PKIX_RevocationMethodType methodType,
|
| + PKIX_UInt32 methodFlags,
|
| + PKIX_UInt32 mathodPriority,
|
| + PKIX_PL_VerifyCallback verificationFn,
|
| + PKIX_Boolean isLeafMethod,
|
| + void *plContext);
|
| +
|
| +/*
|
| + * FUNCTION: PKIX_RevocationChecker_Check
|
| + * DESCRIPTION:
|
| + *
|
| + * Verifies revocation status of the certificate. Issuer cert is given to
|
| + * be used in verification of revocation information. Performed verification
|
| + * check depends on configured revocation methods(ocsp, crl. See
|
| + * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
|
| + * building process at which PKIX_RevocationChecker_Check was invoked.
|
| + * For security reasons, the cert status is checked only against cached
|
| + * revocation information during chain building stage(no trust anchor yes has
|
| + * been found). The fresh revocation information fetching is done only at chain
|
| + * verification stage after trust anchor was identified.
|
| + *
|
| + * PARAMETERS:
|
| + * "cert"
|
| + * Address of Cert whose revocation status is to be determined.
|
| + * Must be non-NULL.
|
| + * "issuer"
|
| + * Issuer cert that potentially holds public key that will be used
|
| + * to verify revocation info.
|
| + * "revChecker"
|
| + * Address of revocation checker structure.
|
| + * "procParams"
|
| + * Address of ProcessingParams used to initialize the checker.
|
| + * Must be non-NULL.
|
| + * "chainVerificationState"
|
| + * Need to be set to true, if the check was called during chain verification
|
| + * as an opposite to chain building.
|
| + * "testingLeafCert"
|
| + * Set to true if verifying revocation status of a leaf cert.
|
| + * "revStatus"
|
| + * Address of the returned revocation status of the cert.
|
| + * "pResultCode"
|
| + * Address where revocation status will be stored. Must be non-NULL.
|
| + * "pNBIOContext"
|
| + * Address at which platform-dependent non-blocking I/O context is stored.
|
| + * Must be non-NULL.
|
| + * "plContext"
|
| + * Platform-specific context pointer.
|
| + * THREAD SAFETY:
|
| + * Thread Safe
|
| + *
|
| + * Multiple threads must be able to safely call this function without
|
| + * worrying about conflicts, even if they're operating on the same objects.
|
| + * RETURNS:
|
| + * Returns NULL if the function succeeds.
|
| + * Returns a RevocationChecker Error if the function fails in a non-fatal way.
|
| + * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| + */
|
| +PKIX_Error *
|
| +PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
|
| + PKIX_PL_Cert *issuer,
|
| + PKIX_RevocationChecker *revChecker,
|
| + PKIX_ProcessingParams *procParams,
|
| + PKIX_Boolean chainVerificationState,
|
| + PKIX_Boolean testingLeafCert,
|
| + PKIX_RevocationStatus *revStatus,
|
| + PKIX_UInt32 *pReasonCode,
|
| + void **pNbioContext,
|
| + void *plContext);
|
| +
|
| +#ifdef __cplusplus
|
| +}
|
| +#endif
|
| +
|
| +#endif /* _PKIX_REVCHECKER_H */
|
|
|
| Property changes on: nss/mozilla/security/nss/lib/libpkix/include/pkix_revchecker.h
|
| ___________________________________________________________________
|
| Added: svn:executable
|
| + *
|
| Added: svn:eol-style
|
| + LF
|
|
|
|
|
Chromium Code Reviews
Issue 7530005:
Add all NSS files to allow using a complete NSS in the future. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/